CN105049211B - Voidable Identity based encryption method on lattice based on accumulator - Google Patents


Publication number
CN105049211B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510408926.9A
Other languages
Chinese (zh)
Other versions
CN105049211A (en)
Inventor
高元飞
郄兵兵
王尚平
杜青
张亚玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kang Yuan Intelligent Technology Co Ltd
Original Assignee
Shenzhen Kang Yuan Intelligent Technology Co Ltd

Abstract

The invention discloses a revocable identity-based encryption method on lattices based on an accumulator, implemented in the following steps: Step 1, system setup; Step 2, private key generation; Step 3, update key generation; Step 4, decryption key generation; Step 5, encryption; Step 6, decryption; Step 7, revocation. The invention adds a user identity revocation mechanism and can effectively manage user identities. It is based on the hard LWE problem on lattices, can resist quantum attacks, and has relatively high computational efficiency. The size of a user's update key is constant and does not grow with the number of users. The invention solves the problems in the prior art of user private key leakage and difficulty resisting quantum attacks.

Description

Revocable identity-based encryption method on lattices based on an accumulator
Technical field
The invention belongs to the field of information security technology, and specifically relates to a revocable identity-based encryption method on lattices based on an accumulator.
Background
Identity-based cryptosystems overcome problems of traditional public-key cryptosystems such as the maintenance, update and revocation of public key certificates, and fundamentally change how certificates are managed and operated in the traditional public key architecture. An identity-based cryptosystem differs from an ordinary public-key system in that an entity's public identity information is the entity's unique identifier, and the user's public key can be derived from that identity information. These schemes have good application prospects in enterprises and public institutions, for example between individuals, between individuals and merchants, between merchants, in business dealings between enterprises, and in e-government exchanges between government departments.
To keep an encryption system with a large number of users secure, an identity revocation mechanism is necessary. A user's public key may be revoked for several reasons: first, the user's private key has leaked; second, the user is no longer a legitimate user. In these cases the user must be revoked. For example, in an enterprise management system, an employee who resigns from the enterprise must be revoked from the system, and an employee who tampers with data or leaks enterprise secrets in violation of the enterprise's rules must likewise be revoked from the system.
In view of these practical problems, research on revocable identity-based encryption methods is of practical value. There are many such cases in real life, in fields such as classified offices, enterprises of all kinds, commerce and communications. In these cases it is important to revoke a public/private key pair and replace it with a new key. Revocable identity-based encryption provides an effective revocation method for identity-based encryption schemes: a trusted authority periodically issues update keys for non-revoked users, and a user can correctly decrypt a ciphertext only if he holds the latest update key. With the rapid development and wide use of internet products, research on revocable identity-based encryption therefore has good prospects.
Summary of the invention
The object of the present invention is to provide a revocable identity-based encryption method on lattices based on an accumulator, which solves the problems in the prior art of user private key leakage and difficulty resisting quantum attacks.
The technical solution adopted by the invention is a revocable identity-based encryption method on lattices based on an accumulator, implemented in the following steps:
Step 1, system setup;
Step 2, private key generation;
Step 3, update key generation;
Step 4, decryption key generation;
Step 5, encryption;
Step 6, decryption;
Step 7, revocation.
The invention is further characterized as follows.
Step 1 is specifically implemented according to the following steps:
The sum of step (1.1), the maximum number of input security parameter λ and user and time cycle number N, enables user IdentityHerePeriod Definition φ is one-to-one mappingParameter m=is arranged in φ (id)=d, φ (t)=l, d, l ∈ { 1 ..., N } 2nlog q,
Step (1.2) uses the trapdoor generating algorithm TrapGen (q, n) based on lattice, generation one random uniform n × m Tie up matrixAndBaseMeet
Step (1.3) chooses 4 random homogeneous matrixAnd 2n-1 random homogeneous matrixOne n-dimensional vector of random uniform design
Step (1.4), the set for enabling U indicate that the index for all elements being added in accumulator is constituted, but need not It to be included in current accumulator, enableAccumulator original state is setState Revocation list RL is initially set to sky, exports common parameter and master key:
Step 2 is specifically implemented according to the following steps:
Step (2.1), input common parameter PP, master key MK, identity id, state STU, V is enabled to indicate in current accumulator The set that the index of all elements is constituted, thereforeGiven i=φ (id) ∈ [n];
Step (2.2), first calculating matrix
Here the symbol || denotes concatenation;
Step (2.3), sampling vectorMeet distribution simultaneouslyUse private keyIt crosses Journey is as follows:
Evidence
Step (2.4), update accumulator and state are as follows:
$\mathrm{Acc}_{V\cup\{i\}} = \mathrm{Acc}_V + B_i$
$ST_{U\cup\{i\}} = \{U \cup \{i\}, B_1, \ldots, B_n\}$
Step (2.5), samplingMeetWherein H It is the mapping of full rank difference, enables Fid:=(A0||A1+H(id)C1), Fid·eid=u existsOn, eidIt is generally evenly distributed in On, mark here | | indicate cascaded operational;
Step (2.6), output private key
Define the set $V_w$ as the elements contained in the accumulator at the time the witness $w_i$ was created. $V_w$ is therefore fixed for each user, and it is a subset of U. The key authority gives the private key $SK_{id}$ and the set $V_w$ to the user.
Step 3 is specifically implemented according to the following steps:
Step (3.1), delete from the set V the index l′ = φ(t′) associated with the previous time period t′;
Step (3.2), delete from the set V every j = φ(id) listed in RL for time period t′;
Step (3.3), update the accumulator, i.e., for the updated set V,
Step 4 is specifically implemented according to the following steps:
Step (4.1), the user checks the following 4 points:
(a), i=φ (id), l=φ (t) ∈ V,
(b)、
(c), it calculatesIt detects whether I.e.
(d), w is verifiedlWhether meet
Step (4.2), if any one of the above 4 checks fails, decryption key generation terminates; otherwise, the current accumulator is replaced with the newest accumulator, and then the witness is updated and the latest decryption key is computed as follows:
If i ∈ V, andIt calculates:
Otherwise, terminate. Set the decryption key $DK_{id,t} = (e_{id}, w_i')$.
Step 5 is specifically implemented according to the following steps:
Step (5.1), given the message M and the newest accumulator $\mathrm{Acc}_V$, which includes the current time;
Step (5.2) enables
Here the symbol || denotes concatenation;
Step (5.3), random uniform designRandom uniform design dimension of m m matrix Select noisy vectorWithAnd it is arranged
Step (5.4) enablesIt exports close Text
Step 6 is specifically implemented according to the following steps:
Step (6.1), input the public parameters PP, the decryption key $DK_{id,t}$ and the ciphertext $CT_{id,t} = (c_0, c_1, c_2)$;
Step (6.2) calculates
Step (6.3), compare w andIf1 is then exported, otherwise, output 0.
Step 7 is specifically:
If i = φ(id) ∈ $ST_U$, then (id, t) is added to the revocation list RL.
The invention has the advantages that the revocable identity-based encryption method on lattices based on an accumulator, being lattice-based, can resist quantum attacks and has relatively high computational efficiency; it is secure under selective-identity attack; and the size of its update key is constant. The invention adds a user identity revocation mechanism, which can effectively manage user identities and so guarantee the security of the whole encryption system.
Specific embodiment
The present invention is described in detail below with reference to specific embodiments.
The revocable identity-based encryption method on lattices based on an accumulator of the present invention is implemented in the following steps:
Step 1, system setup:
It is specifically implemented according to the following steps:
The sum of step (1.1), the maximum number of input security parameter λ and user and time cycle number N, enables user IdentityHerePeriod Definition φ is one-to-one mappingParameter m=is arranged in φ (id)=d, φ (t)=l, d, l ∈ { 1 ..., N } 2nlog q,
Step (1.2) uses the trapdoor generating algorithm TrapGen (q, n) based on lattice, generation one random uniform n × m Tie up matrixAndBaseMeet
Step (1.3) chooses 4 random homogeneous matrixAnd 2n-1 random homogeneous matrixOne n-dimensional vector of random uniform design
Step (1.4), the set for enabling U indicate that the index for all elements being added in accumulator is constituted, but need not It to be included in current accumulator, enableAccumulator original state is setState Revocation list RL is initially set to sky, exports common parameter and master key:
Step 2, private key generation:
It is specifically implemented according to the following steps:
Step (2.1), input common parameter PP, master key MK, identity id, state STU, V is enabled to indicate in current accumulator The set that the index of all elements is constituted, thereforeGiven i=φ (id) ∈ [n];
Step (2.2), first calculating matrix
Here the symbol || denotes concatenation;
Step (2.3), sampling vectorMeet distribution simultaneouslyUse private keyIt crosses Journey is as follows:
Evidence
Step (2.4), update accumulator and state are as follows:
$\mathrm{Acc}_{V\cup\{i\}} = \mathrm{Acc}_V + B_i$
$ST_{U\cup\{i\}} = \{U \cup \{i\}, B_1, \ldots, B_n\}$
Step (2.5), samplingMeetWherein H is The mapping of full rank difference, enables Fid:=(A0||A1+H(id)C1), Fid·eid=u existsOn, eidIt is generally evenly distributed inOn, Here mark | | indicate cascaded operational;
Step (2.6), output private key
Define the set $V_w$ as the elements contained in the accumulator at the time the witness $w_i$ was created. $V_w$ is therefore fixed for each user, and it is a subset of U. The key authority gives the private key $SK_{id}$ and the set $V_w$ to the user;
Step 3, update key generation:
It is specifically implemented according to the following steps:
Step (3.1), delete from the set V the index l′ = φ(t′) associated with the previous time period t′;
Step (3.2), delete from the set V every j = φ(id) listed in RL for time period t′;
Step (3.3), update the accumulator, i.e., for the updated set V,
Step 4, decryption key generation:
It is specifically implemented according to the following steps:
Step (4.1), the user checks the following 4 points:
(a), i=φ (id), l=φ (t) ∈ V,
(b)、
(c), it calculatesIt detects whetherI.e.
(d), w is finally verifiedlWhether detect
Step (4.2), if any one of the above 4 checks fails, decryption key generation terminates; otherwise, the current accumulator is replaced with the newest accumulator, and then the witness is updated and the latest decryption key is computed as follows:
If i ∈ V, andIt calculates:
Otherwise, terminate. Set the decryption key $DK_{id,t} = (e_{id}, w_i')$;
Step 5, encryption:
It is specifically implemented according to the following steps:
Step (5.1), given the message M and the newest accumulator $\mathrm{Acc}_V$, which includes the current time;
Step (5.2) enables
Here the symbol || denotes concatenation;
Step (5.3), random uniform designRandom uniform design dimension of m m matrix2 Select noisy vectorWithAnd it is arranged
Step (5.4) enablesIt exports close Text
Step 6, decryption:
It is specifically implemented according to the following steps:
Step (6.1), input the public parameters PP, the decryption key $DK_{id,t}$ and the ciphertext $CT_{id,t} = (c_0, c_1, c_2)$;
Step (6.2) calculates
Step (6.3), compare w andIf1 is then exported, otherwise, output 0;
Step 7, revocation:
Specifically:
If i = φ(id) ∈ $ST_U$, then (id, t) is added to the revocation list RL.
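The accumulator bookkeeping behind steps (2.4), 3, (4.1)(a) and 7, as an added example that is not part of the patent text: it tracks only the index set V, the sum Acc_V and the revocation list RL, and leaves out all lattice sampling, witnesses and keys. Assumptions: the empty accumulator is the zero matrix, Acc_V is the sum of B_j over j in V mod q (consistent with the update rule in step (2.4)), the current period's index is added during the update, φ hands out indices in order of first use, and the toy sizes and every class and function name are constructed.

```python
import random

Q = 12289               # toy prime modulus (constructed)
N_ROWS, M_COLS = 4, 8   # toy n x m shape of every B_j and of Acc_V

def zero_matrix():
    return [[0] * M_COLS for _ in range(N_ROWS)]

def add_scaled(acc, b, sign):
    """Return acc + sign * b (mod Q), entry by entry."""
    return [[(x + sign * y) % Q for x, y in zip(ra, rb)]
            for ra, rb in zip(acc, b)]

class KeyAuthority:
    """Tracks V, U, Acc_V and RL; no keys or witnesses are generated."""

    def __init__(self, num_indices, seed=2015):
        rng = random.Random(seed)
        # Public matrices B_1..B_N, one per index that phi can hand out.
        self.B = {j: [[rng.randrange(Q) for _ in range(M_COLS)]
                      for _ in range(N_ROWS)]
                  for j in range(1, num_indices + 1)}
        self.phi = {}             # one-to-one map: (kind, label) -> index
        self.U = set()            # every index ever accumulated
        self.V = set()            # indices in the current accumulator
        self.acc = zero_matrix()  # assumption: empty accumulator = 0
        self.RL = set()           # revocation list of (id, t) pairs

    def index(self, kind, label):
        """phi: assign the next free index on first use (assumption)."""
        key = (kind, label)
        if key not in self.phi:
            if len(self.phi) >= len(self.B):
                raise ValueError("no free index left")
            self.phi[key] = len(self.phi) + 1
        return self.phi[key]

    def _insert(self, j):
        if j not in self.V:
            self.V.add(j)
            self.U.add(j)
            self.acc = add_scaled(self.acc, self.B[j], +1)

    def _delete(self, j):
        if j in self.V:
            self.V.remove(j)
            self.acc = add_scaled(self.acc, self.B[j], -1)

    def keygen(self, ident):
        """Step (2.4): add B_i to the accumulator for i = phi(id)."""
        i = self.index("id", ident)
        self._insert(i)
        return i

    def revoke(self, ident, t):
        """Step 7: record (id, t) in RL if phi(id) was ever accumulated."""
        if self.phi.get(("id", ident)) in self.U:
            self.RL.add((ident, t))

    def key_update(self, prev_t, new_t):
        """Step 3: drop phi(prev_t) and ids revoked in prev_t, return Acc_V."""
        if prev_t is not None:
            self._delete(self.index("t", prev_t))        # step (3.1)
            for ident, t in self.RL:                     # step (3.2)
                if t == prev_t:
                    self._delete(self.index("id", ident))
        self._insert(self.index("t", new_t))  # assumption, needed by check (a)
        return self.acc                                  # step (3.3)

    def check_a(self, ident, t):
        """Step (4.1)(a): both phi(id) and phi(t) must be in V."""
        i, l = self.phi.get(("id", ident)), self.phi.get(("t", t))
        return i in self.V and l in self.V

    def recompute(self):
        """Rebuild Acc_V from scratch as the sum of B_j over j in V."""
        acc = zero_matrix()
        for j in self.V:
            acc = add_scaled(acc, self.B[j], +1)
        return acc

def demo():
    ka = KeyAuthority(num_indices=16)
    ka.keygen("alice")
    ka.keygen("bob")
    ka.key_update(None, "t1")
    ka.revoke("bob", "t1")          # recorded now, applied at the next update
    during_t1 = (ka.check_a("alice", "t1"), ka.check_a("bob", "t1"))
    ka.key_update("t1", "t2")
    after_t2 = (ka.check_a("alice", "t2"), ka.check_a("bob", "t2"))
    return ka, during_t1, after_t2
```

The published value stays one n × m matrix however many identities are accumulated, and a revocation recorded in period t′ only removes the identity's index at the update for the following period.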
The security of the revocable identity-based encryption method on lattices based on an accumulator of the present invention is analyzed below:
(1) Correctness proof:
The correctness derivation of the invention is as follows:
Theorem:Error term in above-mentioned correctness proofBoundary be
It proves:In order to prove the boundary of error term, e is enabledid=(eid,1|eid,2), wi'=(wi,1′,wi,2') whereinIt is obtained by left sampling algorithm:It is obtained by Gauss sampling algorithm:Then
Using lemma 1, lemma 1 is described as follows:
Lemma 1:Enabling e isIn vector,Then | eTY | value be integer in [0, q-1], and with can not The probability ignored meets
Error term is defined as
The boundary of above-mentioned error term is
To guarantee the correctness of the scheme, the parameters q, n, m, σ and α are set so that the error term is less than q/5. The parameters of the scheme are estimated as follows:
(a) the error term is less than q/5, that is,
(b) the trapdoor generation algorithm requires m > 2n log q,
(c) for the left sampling algorithm and the Gaussian sampling algorithm, σ must be sufficiently large, i.e.,
(d) by Regev's reduction, the parameters must satisfy
To meet the above requirements, the parameters are set as follows:
(a) m=2nlogq,
(b)
(c) noise parameter
(d) modulus q is a prime number and meets
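Why the error term has to stay below a fraction of q, as an added example that is not part of the patent text: a toy one-bit encryption in which a short key e satisfies A·e = u (the relation step (2.5) imposes on the private key), with the decryption error measured against the q/5 bound. Assumptions: the short key is drawn directly and u is derived from it instead of being sampled with a trapdoor, the noise is bounded uniform rather than Gaussian so that the worst case is exact, the decision rule |w − ⌊q/2⌋| < ⌊q/4⌋ is the usual one for this kind of construction, and all sizes and function names are constructed.

```python
import random

def keygen(n, m, q, rng, key_bound=1):
    """Uniform A (n x m), short e in [-key_bound, key_bound]^m, u = A*e mod q."""
    A = [[rng.randrange(q) for _ in range(m)] for _ in range(n)]
    e = [rng.randint(-key_bound, key_bound) for _ in range(m)]
    u = [sum(A[i][j] * e[j] for j in range(m)) % q for i in range(n)]
    return A, u, e

def encrypt(A, u, q, bit, noise_bound, rng):
    """c0 = u^T s + x + bit*floor(q/2), c1 = A^T s + y (mod q)."""
    n, m = len(A), len(A[0])
    s = [rng.randrange(q) for _ in range(n)]
    x = rng.randint(-noise_bound, noise_bound)
    y = [rng.randint(-noise_bound, noise_bound) for _ in range(m)]
    c0 = (sum(u[i] * s[i] for i in range(n)) + x + bit * (q // 2)) % q
    c1 = [(sum(A[i][j] * s[i] for i in range(n)) + y[j]) % q
          for j in range(m)]
    return (c0, c1), (x, y)

def decrypt(e, q, ct):
    """w = c0 - e^T c1 mod q; output 1 when w is close to floor(q/2)."""
    c0, c1 = ct
    w = (c0 - sum(ej * cj for ej, cj in zip(e, c1))) % q
    bit = 1 if abs(w - q // 2) < q // 4 else 0
    return bit, w

def error_term(e, x, y):
    """The error left after decryption, x - e^T y, over the integers."""
    return x - sum(ej * yj for ej, yj in zip(e, y))

def worst_case_error(m, key_bound, noise_bound):
    """Largest possible |x - e^T y| for the bounded distributions above."""
    return noise_bound * (1 + m * key_bound)

def trial(noise_bound, trials=200, n=8, m=32, q=12289, seed=7):
    """Return (decryption failures, largest |error| seen, worst-case bound)."""
    rng = random.Random(seed)
    A, u, e = keygen(n, m, q, rng)
    failures, largest = 0, 0
    for k in range(trials):
        bit = k % 2
        ct, (x, y) = encrypt(A, u, q, bit, noise_bound, rng)
        got, w = decrypt(e, q, ct)
        err = error_term(e, x, y)
        # Decryption cancels u^T s exactly and leaves only the error term.
        assert w == (bit * (q // 2) + err) % q
        failures += got != bit
        largest = max(largest, abs(err))
    return failures, largest, worst_case_error(m, 1, noise_bound)
```

With `noise_bound=50` the worst case is 1650, below q/5 for q = 12289, so every ciphertext decrypts correctly; with `noise_bound=2000` the bound is exceeded and decryption errors appear.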
(2) Security proof:
Theorem: if there exists a probabilistic polynomial-time algorithm A that breaks the RIBE scheme under IND-sID-CPA with advantage ε > 0, then there exists a probabilistic polynomial-time algorithm B that decides the LWE problem with advantage ε.
Proof: if adversary A breaks the scheme with non-negligible advantage, then challenger B can decide the LWE problem with the help of adversary A. The proof proceeds through a sequence of games. The first game is identical to the IND-sID-CPA game in the security model, and in the last game the advantage of adversary A is 0. It suffices to prove that a probabilistic polynomial-time adversary A cannot distinguish between any two games, which shows that the adversary wins the original IND-sID-CPA game with only negligible advantage.
Game 0: the security model of this game is indistinguishability under chosen-plaintext attack and selective-identity attack (IND-sID-CPA). Challenger B selects n+4 random matrices and generates the public parameters PP and the master key MK. In the challenge phase, the challenger generates the challenge ciphertext CT*. Let $R_i^*$, for i = 1, 2, denote the 2 ephemeral random matrices used when creating the ciphertext CT*.
Game 1: in Game 1, the challenger changes the way the public parameter matrices $A_1, A_2$ are generated. Let (id*, t*) be the identity-time pair that A wants to challenge, with φ(id*) = i*, φ(t*) = l*. In the setup phase, challenger B selects the random matrices $R_1^*, R_2^*$ and constructs the matrices $A_1, A_2$ as follows:
The remaining parameters in the game are unchanged. Note that $R_1^*, R_2^*$ are selected in advance in the setup phase, and knowledge of the challenge identity id* and the challenge time t* is not needed.
Lemma 2:Assuming that m > (n+1) logq+w (logn), q is prime number.It enablesIt is uniform design, enabling R is m The matrix of × m dimension, in { -1,1 }m×mThe upper uniform design of modq.Then, for all vectorsDistribution (A, AR, RTIt w) is counted close to distribution (A, B, RTW).
Lemma 2 is used to prove that Game 0 and Game 1 are indistinguishable. Observe that in Game 1 the matrices $R_1^*, R_2^*$ are used only to construct the matrices $A_1, A_2$ and the error vector used in the challenge ciphertext CT*. By lemma 3, the distributions $(A_0, A_0R_1^*, z_1)$ and $(A_0, C_1', z_1)$ are statistically close, and the distributions $(A_0, A_0R_2^*, z_2)$ and $(A_0, C_2', z_1)$ are statistically close, where $C_1', C_2'$ are uniformly random matrices. Therefore, from the adversary's point of view, the matrices $A_0R_i^*$ are close to uniform and independent of z, so $A_1, A_2$ as defined above are close to uniform. Hence $A_1, A_2$ are indistinguishable in Game 1 and Game 2.
Game 2: in Game 2, we change the way u in the parameters is selected, and the challenger generates the private key and update key corresponding to id = id*, t = t* as follows:
To simplify the reduction, we divide adversaries into two types:
Type 1: the adversary queries the private key of the challenge identity id*, but id* has been revoked before time t*.
Type 2: the adversary never queries the private key of the challenge identity id*.
If that challenger faces is the opponent in the first seed type, generateAnd And enable u ← Fid·eid, then enable Wherein l= φ (t), i=φ (id).Because of id*In inquiry t*It has been cancelled before more new key, it is known that in newest accumulator, Without id*Record.Challenger uses (eid,wi) as about id*Private key inquiry answer, with (wl) as about challenge Time t*Update key challenge answer.
If that challenger faces is the opponent of second of type, generateWherein L=φ (t).Because of id*Private key be never asked, challenger use (wl) as about challenge time t*Update key challenge Answer.
Known by lemma 1, above-mentioned eid,wi,wlBe fromUpper sampling, it is counted close in true schemeParticularly, Wo Menyou BecauseIt can regard asBe the matrix randomly selected, known by lemma 2, u be statistics close toOn uniformly point Cloth.Therefore, that opponent cannot distinguish between challenger's simulation is which type of opponent, and is hadProbability simulation correctly swim Play.Therefore, if correct game is modeled, game 1 and game 2 are undistinguishables.
Game 3:Now, challenger changes the A in game 20,C1,C2Selection mode, in game 3, generator matrix A0 It is oneOn random matrix, and generator matrix C1,C2It is to meet C using TrapGen algorithm1,C2It isOn with Machine matrix, and challenger possessesTrapdoorWithTrapdoorFor matrix A1,A2Construction and trip It is the same in play 1.
In order to answer the inquiry of private key and more new key, wherein id ≠ id*,t≠t*, we use trapdoorTo replace TrapdoorIt enables
Because of [H (id)-H (id*)] andIt is nonsingular, so, trapdoorIt is alsoCorresponding trapdoor, wherein
The challenger now answers all private key queries for id ≠ id* as follows:
where φ(id) = i.
The challenger now answers all update key queries for t ≠ t* as follows:
where φ(t) = l.
Because the σ used in encryption system is the part e in private key that is sufficiently large, simulatingidIt is that statistics is close InwiBe statistics close toSimulate the part w for the more new key comelBe statistics close to Challenger answers id*Private key inquiry and t*Update key challenge as being in game 2.Otherwise game 3 and trip Play 2 is the same.In game 3, in order to answer private key inquiry and update key challenge, the matrix A of construction0,C1,C2It is statistics Close to the original matrix in game 2, therefore, opponent is at most insignificant different from excellent in game 2 in the advantage in game 3 Gesture, that is to say, that game 2 and game 3 are undistinguishables.
Game 4: Game 4 is the same as Game 3, except that the challenge ciphertext $(c_0^*, c_1^*, c_2^*)$ is a randomly chosen element of the ciphertext space. Because the challenge ciphertext is always a fresh random element of the ciphertext space, the adversary's advantage in this game is 0. The remaining task is to prove that Game 3 and Game 4 are computationally indistinguishable, by a reduction from the LWE problem.
Reduction from the Learning with Errors (LWE) problem: suppose the adversary has non-negligible advantage in distinguishing Game 3 from Game 4. Using the adversary, we construct an LWE algorithm, denoted B. Recall that an instance of the LWE problem is provided by a sampling oracle O, which is either the truly random oracle $O_\$$ or the noisy pseudorandom oracle $O_s$. Challenger B uses the adversary to distinguish the two games; the process is as follows:
Instantiation:B inquires prophesy machine O, is answered.For i=0 ..., m, a new pairIt builds It is vertical:The common parameter PP that B constructs system is as follows:
1. Using the m samples of the LWE problem given earlier, let the i-th column of $A_0$ be the n-dimensional vector $u_i$ of the LWE instance, for i = 1, …, m.
2. Assign the 0th sample of the LWE instance as the random n-dimensional vector
3. Construct the remaining public parameters, namely $A_1, A_2, C_1, C_2$, as in Game 3, using id*, t*,
4. Send the public parameters $PP = (A_0, A_1, A_2, C_1, C_2, B_1, \ldots, B_n)$ to the adversary.
Queries: the challenger answers private key queries and update key queries as in Game 3.
Challenge: when the adversary provides a message bit b* ∈ {0, 1}, a challenge ciphertext corresponding to the target (id*, t*) is constructed as follows:
1, v is enabled0,…,vmIt is the component from LWE example, setting
2, message bit is blinded, order is passed through
3, it enables
4. Select a random bit r ∈ {0, 1}. If r = 0, send the ciphertext to the adversary; if r = 0, send a random ciphertext to the adversary.
Next we argue that when the LWE oracle is the pseudorandom oracle, i.e. $O = O_s$, the distribution of CT* is identical to that in Game 3. First, we observe that
Secondly, passing through OsDefinition, it is known thatFor some random noise vectorsIt is distributed in Therefore, it defines in step 3Meet
It and is the c that ciphertext is effectively challenged in game 3 on the right of equation1, c2Part.We also noted thatThis is precisely the c that ciphertext is challenged in game 30Part.
Work as O=O$, v0It is generally evenly distributed inOn, v*It is generally evenly distributed inOn.Therefore, fixed in above-mentioned steps 3 JusticeIt is uniform and is independently distributed It is uniform and is independently distributed
Therefore, the challenge ciphertext is always uniformly distributed, as in Game 4.
Guess: after being allowed to make additional queries, the adversary makes its guess. If the adversary wins the game, the challenger uses the adversary to solve the LWE problem.
By the above discussion, when $O = O_\$$ the adversary's view is as in Game 4, and when $O = O_s$ the adversary's view is as in Game 3. Therefore, the advantage of the challenger in solving the LWE problem is the same as the adversary's advantage in distinguishing Game 3 from Game 4. This completes the description of algorithm B and completes our proof.

Claims (3)

1. A revocable identity-based encryption method on lattices based on an accumulator, characterized in that it is implemented in the following steps:
Step 1, system setup;
Step 2, private key generation;
Step 3, update key generation;
Step 4, decryption key generation;
Step 5, encryption;
Step 6, decryption;
Step 7, revocation;
wherein step 1 is implemented in the following steps:
The sum of step (1.1), the maximum number of input security parameter λ and user and time cycle number N, enables user identityHerePeriod Definition φ is one-to-one mappingParameter m=is arranged in φ (id)=d, φ (t)=l, d, l ∈ { 1 ..., N } 2nlogq,
Step (1.2) ties up square using the trapdoor generating algorithm TrapGen (q, n) based on lattice, generation one random uniform n × m Battle arrayAndBaseMeet
Step (1.3) chooses 4 random homogeneous matrixAnd 2n-1 random homogeneous matrixOne n-dimensional vector of random uniform design
Step (1.4), the set for enabling U indicate that the index for all elements being added in accumulator is constituted, but unnecessary packet It is contained in current accumulator, enablesAccumulator original state is setState Revocation list RL is initially set to sky, exports common parameter and master key:PP=(A0,A1,A2,C1,C2,B1,…,Bn,u),
The step 2 is specifically implemented according to the following steps:
Step (2.1), input common parameter PP, master key MK, identity id, state STU, V is enabled to indicate all members in current accumulator The set that the index of element is constituted, thereforeGiven i=φ (id) ∈ [n];
Step (2.2), first calculating matrix
Here the symbol || denotes concatenation;
Step (2.3), sampling vectorMeet distribution simultaneouslyUse private keyProcess is such as Under:
Evidence
Step (2.4), update accumulator and state are as follows:
$\mathrm{Acc}_{V\cup\{i\}} = \mathrm{Acc}_V + B_i$
$ST_{U\cup\{i\}} = \{U \cup \{i\}, B_1, \ldots, B_n\}$
Step (2.5), samplingMeetWherein H is full rank Difference mapping, enables Fid:=(A0||A1+H(id)C1), Fid·eid=u existsOn, eidIt is generally evenly distributed inOn, here Mark | | indicate cascaded operational;
Step (2.6), output private key
Define the set $V_w$ as the elements contained in the accumulator at the time the witness $w_i$ was created. $V_w$ is therefore fixed for each user, and it is a subset of U. The key authority gives the private key $SK_{id}$ and the set $V_w$ to the user;
The step 3 is specifically implemented according to the following steps:
Step (3.1), delete from the set V the index l′ = φ(t′) associated with the previous time period t′;
Step (3.2), delete from the set V every j = φ(id) listed in RL for time period t′;
Step (3.3), update the accumulator, i.e., for the updated set V,
The step 4 is specifically implemented according to the following steps:
Step (4.1), the user checks the following 4 points:
(a), i=φ (id), l=φ (t) ∈ V,
(b)、
(c), it calculatesIt detects whetherI.e.
(d), w is verifiedlWhether satisfaction detects
Step (4.2), if any one of the above 4 checks fails, decryption key generation terminates; otherwise, the current accumulator is replaced with the newest accumulator, and then the witness is updated and the latest decryption key is computed as follows:
If i ∈ V, andIt calculates:
Otherwise, terminate. Set the decryption key $DK_{id,t} = (e_{id}, w_i')$;
The step 5 is specifically implemented according to the following steps:
Step (5.1), given the message M and the newest accumulator $\mathrm{Acc}_V$, which includes the current time;
Step (5.2) enables
Here the symbol || denotes concatenation;
Step (5.3), random uniform designRandom uniform design dimension of m m matrixSelection Noisy vectorWithAnd it is arranged
Step (5.4) enablesExport ciphertext
2. The revocable identity-based encryption method on lattices based on an accumulator according to claim 1, characterized in that step 6 is implemented in the following steps:
Step (6.1), input the public parameters PP, the decryption key $DK_{id,t}$ and the ciphertext $CT_{id,t} = (c_0, c_1, c_2)$;
Step (6.2) calculates
Step (6.3), compare w andIf1 is then exported, otherwise, output 0.
3. The revocable identity-based encryption method on lattices based on an accumulator according to claim 1, characterized in that step 7 is specifically:
If i = φ(id) ∈ $ST_U$, then (id, t) is added to the revocation list RL.
CN201510408926.9A 2015-07-13 2015-07-13 Voidable Identity based encryption method on lattice based on accumulator Expired - Fee Related CN105049211B (en)

Publications (2)

Publication Number Publication Date
CN105049211A CN105049211A (en) 2015-11-11
CN105049211B true CN105049211B (en) 2018-11-27

Family

ID=54455434

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510408926.9A Expired - Fee Related CN105049211B (en) 2015-07-13 2015-07-13 Voidable Identity based encryption method on lattice based on accumulator

Country Status (1)

Country Link
CN (1) CN105049211B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788988B (en) * 2016-11-28 2019-09-17 暨南大学 Voidable key polymerize encryption method under cloud environment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102013980A (en) * 2009-05-06 2011-04-13 刘海云 Random encryption method for decrypting by adopting exhaustion method
CN102201920A (en) * 2011-07-12 2011-09-28 北京中兴通数码科技有限公司 Method for constructing certificateless public key cryptography
CN102546161A (en) * 2010-12-08 2012-07-04 索尼公司 Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same
CN103618728A (en) * 2013-12-04 2014-03-05 南京邮电大学 Attribute-based encryption method for multiple authority centers
CN103647642A (en) * 2013-11-15 2014-03-19 河海大学 Certificate-based agent heavy encryption method and system
CN104158661A (en) * 2014-07-23 2014-11-19 中国人民武装警察部队工程大学 Disposable public key encryption structuring method based on fuzzy identity

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7349538B2 (en) * 2002-03-21 2008-03-25 Ntt Docomo Inc. Hierarchical identity-based encryption and signature schemes

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102013980A (en) * 2009-05-06 2011-04-13 刘海云 Random encryption method for decrypting by adopting exhaustion method
CN102546161A (en) * 2010-12-08 2012-07-04 索尼公司 Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same
CN102201920A (en) * 2011-07-12 2011-09-28 北京中兴通数码科技有限公司 Method for constructing certificateless public key cryptography
CN103647642A (en) * 2013-11-15 2014-03-19 河海大学 Certificate-based agent heavy encryption method and system
CN103618728A (en) * 2013-12-04 2014-03-05 南京邮电大学 Attribute-based encryption method for multiple authority centers
CN104158661A (en) * 2014-07-23 2014-11-19 中国人民武装警察部队工程大学 Disposable public key encryption structuring method based on fuzzy identity

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
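"Lattice-based attribute-based encryption scheme with revocable attributes"; Zhang Xinwei et al.; Journal of Air Force Engineering University (Natural Science Edition); 20150630; Vol. 16 (No. 3); pp. 87-91 *
"Adaptively secure revocable identity-based encryption scheme on lattices"; Zhang Yanhua et al.; Journal of Electronics & Information Technology; 20150228; Vol. 37 (No. 2); pp. 423-427 *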

Also Published As

Publication number Publication date
CN105049211A (en) 2015-11-11

Similar Documents

Publication Publication Date Title
Han et al. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption
Shi et al. Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation
Shankar et al. RGB-based secure share creation in visual cryptography using optimal elliptic curve cryptography technique
CN105406967B (en) A kind of hierarchical attribute encipherment scheme
Li et al. Continuous leakage-resilient certificate-based encryption
Cheon et al. Multi-party privacy-preserving set intersection with quasi-linear complexity
Li et al. Certificateless hybrid signcryption
CN105024821B (en) Voidable Identity based encryption method on lattice
CN107615285A (en) The Verification System and device encrypted including the unclonable function of physics and threshold value
CN109600233A (en) Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method
CN102594570A (en) Key threshold algorithm based on level identity encryption
Liang et al. Privacy-preserving decentralized ABE for secure sharing of personal health records in cloud storage
CN105162573A (en) Attribute encryption method based on multi-linear mapping and achieving strategy of secret key revocation in an authority separating way
CN110190945A (en) Based on adding close linear regression method for secret protection and system
Zhang et al. Feacs: A flexible and efficient access control scheme for cloud computing
Boshrooyeh et al. Privado: Privacy-preserving group-based advertising using multiple independent social network providers
Abusukhon et al. An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm
Toorani On continuous after-the-fact leakage-resilient key exchange
Chen et al. Certificateless signatures: structural extensions of security models and new provably secure schemes
Lewko Functional encryption: new proof techniques and advancing capabilities
CN105049211B (en) Voidable Identity based encryption method on lattice based on accumulator
CN110890961B (en) Novel safe and efficient multi-authorization attribute-based key negotiation protocol
Feng et al. A new public remote integrity checking scheme with user and data privacy
Yang et al. Efficient certificateless encryption withstanding attacks from malicious KGC without using random oracles
Yi et al. Distributed data possession provable in cloud

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Gao Yuanfei

Inventor after: Qie Bingbing

Inventor after: Wang Shangping

Inventor after: Du Qing

Inventor after: Zhang Yaling

Inventor before: Wang Shangping

Inventor before: Du Qing

Inventor before: Zhang Yaling

TA01 Transfer of patent application right

Effective date of registration: 20181017

Address after: 518000 Shenzhen, Nanshan District, Guangdong, Guangdong Province, Tonghai Road, tongchong Road, Chong Chong International Business Center, building 5, 3905

Applicant after: Shenzhen Kang Yuan Intelligent Technology Co., Ltd.

Address before: 710048 No. 5 Jinhua South Road, Shaanxi, Xi'an

Applicant before: Xi'an University of Technology

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181127

Termination date: 20210713